Prevent Cloning of balenaOS devices

We would like to prevent cloning of our balenaOS devices once flashed.

I was using MAC address of the ethernet interface because it’s unique for each physical device.
But I cannot use MAC address anymore because some of our balena apps change the mac address in runtime.
Is there any other way to get “unique” information from the physical device so that I can use it for device identification?
I was thinking of using /etc/machin-id on hostOS, but couldn’t bind it to a container.


Hello @scarlyon this is a very interesting question and we are working on this.

Could you please confirm what device architecture do you use?

Hi, @mpous

We are working on all architectures.

Device names are intel-nuc, genericx86-64, up-board, jetson-nano, jetson-tx2, etc.

1 Like

Hi, current versions of balenaOS publish a CPU_ID to the cloud in ARM devices (effectively the contents of /proc/device-tree/serial-number). This can be used as hardware identifier.
We are working on extending this to include x86 based device types, and also to expose it on the supervisor API so that containers can access it without having to fetch it from the cloud.
But as I said you can use this already for ARM devices by using the device API endpoint (Resources - Balena Documentation). You can use the existing SDKs to access it from your user application. Once the x86 change is released, the same mechanism will work on x86 device types too.

1 Like